| Privacy-Preserving Machine Learning for Speech Processing | 3 |
---|
| Supervisor’s Foreword | 6 |
| Acknowledgments | 8 |
| Contents | 10 |
| Acronyms | 15 |
| Part I | 16 |
---|
| 1 Thesis Overview | 17 |
| 1.1 Motivation | 17 |
| 1.2 Thesis Statement | 18 |
| 1.3 Summary of Contributions | 19 |
| 1.4 Thesis Organization | 20 |
| References | 20 |
| 2 Speech Processing Background | 21 |
| 2.1 Tools and Techniques | 21 |
| 2.1.1 Signal Parameterization | 21 |
| 2.1.2 Gaussian Mixture Models | 22 |
| 2.1.3 Hidden Markov Models | 22 |
| 2.2 Speaker Identification and Verification | 24 |
| 2.2.1 Modeling Speech | 24 |
| 2.2.2 Model Adaptation | 26 |
| 2.2.3 Supervectors with LSH | 27 |
| 2.2.4 Reconstructing Data from LSH Keys | 29 |
| 2.3 Speech Recognition | 30 |
| References | 31 |
| 3 Privacy Background | 33 |
| 3.1 What is Privacy? | 33 |
| 3.1.1 Definitions | 33 |
| 3.1.2 Related Concepts | 34 |
| 3.1.3 Privacy-Preserving Applications | 35 |
| 3.1.4 Privacy-Preserving Computation in this Thesis | 36 |
| 3.2 Secure Multiparty Computation | 36 |
| 3.2.1 Protocol Assumptions | 38 |
| 3.2.2 Adversarial Behavior | 39 |
| 3.2.3 Privacy Definitions: Ideal Model and Real Model | 40 |
| 3.2.4 Encryption | 41 |
| 3.2.5 Masking | 47 |
| 3.2.6 Zero-Knowledge Proofs and Threshold Cryptosystems | 49 |
| 3.2.7 Oblivious Transfer | 51 |
| 3.2.8 Related Work on SMC Protocols for Machine Learning | 53 |
| 3.3 Differential Privacy | 53 |
| 3.3.1 Exponential Mechanism | 55 |
| 3.3.2 Related Work on Differentially Private Machine Learning | 56 |
| 3.3.3 Differentially Private Speech Processing | 56 |
| References | 57 |
| Part II Privacy-Preserving Speaker Verification | 60 |
---|
| 4 Overview of Speaker Verification with Privacy | 61 |
| 4.1 Introduction | 61 |
| 4.2 Privacy Issues and Adversarial Behavior | 62 |
| 4.2.1 Imposter Imitating a User | 63 |
| 4.2.2 Collusion | 64 |
| 4.2.3 Information Leakage After Multiple Interactions | 64 |
| References | 65 |
| 5 Privacy-Preserving Speaker Verification Using Gaussian Mixture Models | 66 |
| 5.1 System Architecture | 66 |
| 5.2 Speaker Verification Protocols | 68 |
| 5.2.1 Private Enrollment Protocol | 69 |
| 5.2.2 Private Verification Protocols | 69 |
| 5.3 Experiments | 71 |
| 5.3.1 Precision | 72 |
| 5.3.2 Accuracy | 72 |
| 5.3.3 Execution Time | 72 |
| 5.4 Conclusion | 73 |
| 5.5 Supplementary Protocols | 74 |
| References | 77 |
| 6 Privacy-Preserving Speaker Verification as String Comparison | 78 |
| 6.1 System Architecture | 79 |
| 6.2 Protocols | 80 |
| 6.3 Experiments | 81 |
| 6.3.1 Accuracy | 81 |
| 6.3.2 Execution Time | 82 |
| 6.4 Conclusion | 83 |
| References | 83 |
| Part III Privacy-Preserving Speaker Identification | 84 |
| 7 Overview of Speaker Identification with Privacy | 85 |
| 7.1 Introduction | 85 |
| 7.1.1 Speech-Based Surveillance | 85 |
| 7.1.2 Preliminary Step for Other Speech Processing Tasks | 86 |
| 7.2 Privacy Issues and Adversarial Behavior | 87 |
| 7.2.1 Collusion | 88 |
| 7.2.2 Information Leakage After Multiple Interactions | 88 |
| 8 Privacy-Preserving Speaker Identification Using Gaussian Mixture Models | 89 |
| 8.1 Introduction | 89 |
| 8.2 System Architecture | 90 |
| 8.3 Speaker Identification Protocols | 91 |
| 8.3.1 Case 1: Client Sends Encrypted Speech Sample to the Server | 91 |
| 8.3.2 Case 2: Server Sends Encrypted Speaker Models to the Client | 93 |
| 8.4 Experiments | 95 |
| 8.4.1 Precision | 95 |
| 8.4.2 Accuracy | 95 |
| 8.4.3 Execution Time | 95 |
| 8.5 Conclusion | 96 |
| References | 96 |
| 9 Privacy-
|